Non-blocking TLS protocol with unexpected behaviour


Martin Kempe
Hello BC developers,

I'd like to point out an issue with BC that I opened about a year ago: https://github.com/bcgit/bc-java/issues/133

I just found the reason why I can send up to 65kB of random data to a BC TLS server without termination of the handshake. My TLS server makes use of BC TlsProtocol in non-blocking mode. The random data is not being processed. So I think this is not a big thing. But I find it quite unexpected behaviour that could maybe be changed in one of the upcoming releases.

Best regards
Martin


Re: Non-blocking TLS protocol with unexpected behaviour

Peter Dettman-3
Hi Martin,
Thanks for the reminder. It appears TlsProtocol.offerInput is not
applying the same immediate checks to the TLS record header fields that
RecordStream does, so that can be improved.

Regards,
Pete Dettman

On 3/03/2017 5:41 PM, Martin Kempe wrote:

> Hello BC developers,
>
> I'd like to point out an issue with BC that I opened about a year
> ago: https://github.com/bcgit/bc-java/issues/133
>
> I just found the reason why I can send up to 65kB of random data to a
> BC TLS server without termination of the handshake. My TLS server
> makes use of BC TlsProtocol in non-blocking mode. The random data is
> not being processed. So I think this is not a big thing. But I find
> it quite unexpected behaviour that could maybe be changed in one
> of the upcoming releases.
>
> Best regards, Martin
>
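
The kind of immediate record-header check discussed in this thread, as an added example that is not part of the thread and not Bouncy Castle code. The class and method names are hypothetical, and the specific checks are assumptions taken from the TLS record format (RFC 5246), not copied from RecordStream; the sample headers are constructed.

```java
// Added illustration: validate the 5-byte TLS record header as soon as it
// arrives instead of waiting for the number of bytes its length field announces.
public class RecordHeaderCheck {
    static final int HEADER_LEN = 5;
    // RFC 5246, 6.2.3: a ciphertext fragment must not exceed 2^14 + 2048 bytes.
    static final int MAX_CIPHERTEXT = (1 << 14) + 2048;

    // Reads the 16-bit big-endian length field (bytes 3 and 4 of the header).
    static int recordLength(byte[] hdr) {
        return ((hdr[3] & 0xFF) << 8) | (hdr[4] & 0xFF);
    }

    // What a parser that trusts the length field waits for, header included.
    // With random input this can be as much as 5 + 65535 bytes.
    static int bytesAwaitedWithoutCheck(byte[] hdr) {
        return HEADER_LEN + recordLength(hdr);
    }

    // Returns null if the header is plausible, otherwise the reason to abort
    // immediately. Expects exactly HEADER_LEN bytes.
    static String checkHeader(byte[] hdr) {
        int type = hdr[0] & 0xFF;
        // 20 change_cipher_spec, 21 alert, 22 handshake, 23 application_data
        if (type < 20 || type > 23) return "unexpected content type " + type;
        int major = hdr[1] & 0xFF;
        if (major != 3) return "unexpected major version " + major;
        int length = recordLength(hdr);
        if (length > MAX_CIPHERTEXT) return "record length " + length + " exceeds limit";
        return null;
    }

    public static void main(String[] args) {
        // Constructed: handshake record, record version 3.1, 200-byte body.
        byte[] clientHello = {22, 3, 1, 0x00, (byte) 0xC8};
        // Constructed: five arbitrary bytes standing in for random data.
        byte[] junk = {(byte) 0x9F, 0x41, (byte) 0xE2, (byte) 0xFF, (byte) 0xFF};

        for (byte[] hdr : new byte[][] {clientHello, junk}) {
            String reason = checkHeader(hdr);
            System.out.println(reason == null
                ? "accept header, then read " + recordLength(hdr) + " body bytes"
                : "abort now (" + reason + "); unchecked parser would buffer "
                    + bytesAwaitedWithoutCheck(hdr) + " bytes first");
        }
    }
}
```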